// SPDX-License-Identifier: GPL-2.0-or-later
/* CacheFiles security management
 *
 * Copyright (C) 2007, 2021 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 */
/* * determine the security context within which we access the cache from within * the kernel
*/ int cachefiles_get_security_ID(struct cachefiles_cache *cache)
{ struct cred *new; int ret;
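/*
 * Ask the security layer whether mkdir and create would be permitted in the
 * cache's root directory.
 *
 * Only security_inode_mkdir() and security_inode_create() are consulted, each
 * with a mode argument of 0; nothing is created on disk.  A non-negative
 * return therefore means that neither hook objected at the time of the call,
 * not that a directory or file was actually made.
 *
 * NOTE(review): the hooks presumably judge the credentials in force at the
 * call site, so the answer is only meaningful while the cache's security
 * override is active - confirm against the caller.
 *
 * @cache: cache being checked (not referenced in this function)
 * @root:  dentry of the cache's root directory
 *
 * Returns the negative error code from the first hook that refuses, after
 * logging it with pr_err(); otherwise the non-negative result of
 * security_inode_create().
 */
static int cachefiles_check_cache_dir(struct cachefiles_cache *cache,
				      struct dentry *root)
{
	int ret;

	/* A cache that cannot make subdirectories is unusable: stop here. */
	ret = security_inode_mkdir(d_backing_inode(root), root, 0);
	if (ret < 0) {
		pr_err("Security denies permission to make dirs: error %d",
		       ret);
		return ret;
	}

	/* Falls through to the shared return whether or not create is denied. */
	ret = security_inode_create(d_backing_inode(root), root, 0);
	if (ret < 0)
		pr_err("Security denies permission to create files: error %d",
		       ret);

	return ret;
}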
/* * check the security details of the on-disk cache * - must be called with security override in force * - must return with a security override in force - even in the case of an * error
*/ int cachefiles_determine_cache_security(struct cachefiles_cache *cache, struct dentry *root, conststruct cred **_saved_cred)
{ struct cred *new; int ret;
_enter("");
/* duplicate the cache creds for COW (the override is currently in
* force, so we can use prepare_creds() to do this) */ new = prepare_creds(); if (!new) return -ENOMEM;
cachefiles_end_secure(cache, *_saved_cred);
/* use the cache root dir's security context as the basis with
 * which to create files */
ret = set_create_files_as(new, d_backing_inode(root)); if (ret < 0) {
abort_creds(new);
cachefiles_begin_secure(cache, _saved_cred);
_leave(" = %d [cfa]", ret); return ret;
}